systemd-udev currently mislabels content under /run/udev/ because it restricts SELinux prefix labeling to /dev. This patch allows systemd-udev to use prefix labeling for both /dev and /run.
>From 779a7148a40f56529821d37ac348abec3b565459 Mon Sep 17 00:00:00 2001 From: Dan Walsh <dwa...@redhat.com> Date: Wed, 30 May 2012 15:34:55 -0400 Subject: [PATCH 5/6] Switch to using prefix array rather then single prefix. This will allow proper labeling of /dev and /var/run (/run) directory from systemd-udev
--- src/shared/label.c | 6 +++--- src/shared/label.h | 2 +- src/udev/udevadm.c | 4 +++- src/udev/udevd.c | 3 ++- 4 files changed, 9 insertions(+), 6 deletions(-)
diff --git a/src/shared/label.c b/src/shared/label.c
index 2d7d42a..39c6f03 100644
--- a/src/shared/label.c
+++ b/src/shared/label.c
@@ -52,7 +52,7 @@ void label_retest_selinux(void) {
 #endif
-int label_init(const char *prefix) {
+int label_init(const char *prefixes[]) {
 int r = 0;
 #ifdef HAVE_SELINUX
@@ -68,9 +68,9 @@ int label_init(const char *prefix) {
 before_mallinfo = mallinfo();
 before_timestamp = now(CLOCK_MONOTONIC);
- if (prefix) {
+ if (prefixes) {
 struct selinux_opt options[] = {
- { .type = SELABEL_OPT_SUBSET, .value = prefix },
+ { .type = SELABEL_OPT_SUBSET, .values = prefixes },
 };
 label_hnd = selabel_open(SELABEL_CTX_FILE, options, ELEMENTSOF(options));
diff --git a/src/shared/label.h b/src/shared/label.h
index 3f880e3..90b49ff 100644
--- a/src/shared/label.h
+++ b/src/shared/label.h
@@ -26,7 +26,7 @@
 #include <stdbool.h>
 #include <sys/socket.h>
-int label_init(const char *prefix);
+int label_init(const char *prefixes[]);
 void label_finish(void);
 int label_fix(const char *path, bool ignore_enoent);
diff --git a/src/udev/udevadm.c b/src/udev/udevadm.c
index 5217d7f..c7d13f3 100644
--- a/src/udev/udevadm.c
+++ b/src/udev/udevadm.c
@@ -91,6 +91,7 @@ int main(int argc, char *argv[])
 { "version", no_argument, NULL, 'V' },
 {}
 };
+ const char *prefixes[] = { "/dev", "/var/run", NULL };
 const char *command;
 unsigned int i;
 int rc = 1;
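Review bot: `.values = prefixes` in the `selinux_opt` initializer assumes a `values` member that libselinux's public `struct selinux_opt` does not declare — as far as the header I know it carries a single `const char *value` — so unless this series is paired with a matching libselinux change, every HAVE_SELINUX build stops compiling at this line. If the member is new, the commit message should name the libselinux version that introduces it and the build should probe for it, keeping the single-prefix `{ .type = SELABEL_OPT_SUBSET, .value = prefixes[0] }` form as the fallback. The rest of label_init, including the error handling after `selabel_open`, lies outside the hunk.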
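Review bot: The new `label_init(const char *prefixes[])` prototype has no length parameter, so the NULL terminator both call sites in this patch append is the only thing bounding the walk over the array, and nothing in label.h says so. Add above the prototype `/* prefixes: NULL-terminated list of path prefixes to restrict file-context lookups to, or NULL to load the full database */` so a future caller does not pass an unterminated array.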
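Review bot: The prefix list is `{ "/dev", "/var/run", NULL }`, while the paths the cover letter says are mislabeled live under `/run/udev`; as I understand SELABEL_OPT_SUBSET, the prefixes filter the file_contexts patterns, so whether `/var/run` also admits entries written as `/run` depends on how the policy in use spells them, and on a policy that lists `/run` directly the udev paths would still be excluded. Either confirm this against the policy or list both, `{ "/dev", "/run", "/var/run", NULL }`. The same literal list is repeated in the udevd.c hunk at -1030; defining it once where both daemons can see it would keep them in step.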
@@ -102,7 +103,8 @@ int main(int argc, char *argv[])
 log_open();
 log_parse_environment();
 udev_set_log_fn(udev, udev_main_log);
- label_init("/dev");
+
+ label_init(prefixes);
 for (;;) {
 int option;
diff --git a/src/udev/udevd.c b/src/udev/udevd.c
index 0d85960..85d4f66 100644
--- a/src/udev/udevd.c
+++ b/src/udev/udevd.c
@@ -1030,6 +1030,7 @@ int main(int argc, char *argv[])
 int fd_ctrl = -1;
 int fd_netlink = -1;
 int fd_worker = -1;
+ const char *prefixes[] = { "/dev", "/var/run", NULL };
 struct epoll_event ep_ctrl, ep_inotify, ep_signal, ep_netlink, ep_worker;
 struct udev_ctrl_connection *ctrl_conn = NULL;
 int rc = 1;
@@ -1042,7 +1043,7 @@ int main(int argc, char *argv[])
 log_parse_environment();
 udev_set_log_fn(udev, udev_main_log);
 log_debug("version %s\n", VERSION);
- label_init("/dev");
+ label_init(prefixes);
 for (;;) {
 int option;
-- 1.7.10.2
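Review bot: The extra empty `+` line inserted before `label_init(prefixes);` is a stray whitespace change; the matching udevd.c hunk keeps the call directly after `udev_set_log_fn`, so the two call sites now differ in layout for no reason. Drop the blank added line so the udevadm.c hunk, like udevd.c, is a one-line `- label_init("/dev");` / `+ label_init(prefixes);` substitution. main continues outside the hunk on both sides.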